license key validation - encryption/decryption
Scott Yang
syang at xplantechnology.com
Wed Dec 5 19:05:56 EST 2001
ngps at madcap.dyndns.org (Ng Pheng Siong) wrote in message news:<9ulhm1$mmk$1 at dahlia.singnet.com.sg>...
> > The next problem is where to store the hash.
> The hash is part of the signature. You sign your "feature set descriptor"
> with your private key. Install the signature with the application.
However, you still have to store the signature of your key pair
somewhere in the application. And as long as it is stored on the user
side, there is a potential being discovered and cracked.
> > Which doesn't help at all if both keys are available to the potential
> > cracker.
> Your private key is not installed with the application. Indeed, it should
> be kept very securely. Only the public key is installed, to verify the signature.
>
> Such schemes won't stop determined pirates, though. They only keep honest
> people honest.
Exactly! There are always loop-holes even in the most hardened
anti-piracy schemes. Sometimes knowing your potential user base might
help. Knowing that most of them are actually quite
computer-illiterate, it does give you some peace of mind :)
--
Scott Yang <syang at xplantechnology.com> PGP: 0xF9DCFA8C
Xplan Technology Pty Ltd. <http://www.xplantechnology.com>
Software Architect.
More information about the Python-list
mailing list